Friday April 22, 2011 11:48 am

How to view the tracking data in your iPhone

Coverage of the iPhone tracking "feature" has ranged from concern to outrage. "I don't know about you, but the fact that this feature exists on an iPhone is a deal-killer," wrote PCMag Columnist John Dvorak, shortly after news broke. Editor Dan Costa drew a softer line, writing, "Apple may not be actively tracking you, but it did turn your phone into a tracking device without telling you."

As frustrating as it is to learn that your iPhone has been spying on you, collecting an unencrypted treasure trove of your travels, the truth is we knew this was happening. Last June we reported that Apple updated its privacy policy, stating that it could, "collect, use, and share precise location data, including real-time geographic location of your Apple computer or device." How precise that location data is remains in question. What is clear, however, is that the update arrived alongside the release of iOS 4—the OS affected by the tracking feature—and identified the four devices (iPhone 3G, iPhone 3GS, iPhone 4, and iPad with 3G) affected by the tracking feature.

I'm not about to give Apple a pass on disclosure or execution. Who combs through an Apple privacy statement when the latest iOS software awaits? And, to "collect" and "share" user data is one thing; to retain it in an unprotected file is quite another.

However, I think it's important that, with a few days' hindsight, we move beyond the bombast, pin down the facts, and see what's actually there. To do this, I've taken a close look at what's at risk and, in empirical spirit, borrowed fellow PCMag software analyst Jeff Wilson's iPhone 3GS to see what I could learn of the man and the travels using Pete Warden's iPhoneTracker app.

What and Who Is At Risk?
First, the bad news: if you're running iOS 4, your location-based data—latitude and longitude coordinates, coupled with timestamps—is stored on your phone in a file called "consolidated.db;" that file is automatically transferred to any machines with which you sync (and back up), and it's probably flowing back to Apple in some form or another. The worse news: if you haven't encrypted your backups, that data is unprotected.

Now, for the not-so-bad news. There's no confirmation that that data is leaving your custody and no evidence that Apple's harvesting it towards nefarious ends. More likely, it's being used for two things: Apple's reportedly tapping location information to build a database, which may actually be for your own good; and other apps, such as Maps, require geo-locational data to play. To halt both in their tracks, you can disable Location Services.

Furthermore, the data is far from "precise." In fact, Apple's data collection is both inconsistent and imprecise. Rather than using GPS, location information logged in consolidated.db is determined by triangulation via cell-phone towers, a notoriously loose method. Update times run the gamut, left to the whims of cell-phone towers and phone activity. Finally, the location data available on your phone is limited by several variables:

it dates back to the release of iOS 4, less than one year;

only affects iPads with 3G or the iPhone 3G, 3GS, and 4;

while data is timed to the second on your iPhone, you can only browse within a single week of activity using Pete Warden's iPhoneTracker application

The final point is important: let me show you why. (Click "Next" below to keep reading.)

Where In The World Is Jeff Wilson?
Reading about the iPhone tracking feature is all databases and timestamps. To see what's at risk, I borrowed analyst Jeff Wilson's iPhone 3GS to see what I could learn about his provocative lifestyle. For those interested in our other resident man of mystery, Sascha Segan has posted his iPhone-tracked travels.

To access Jeff's data, I downloaded Pete Warden's free iPhoneTracker app, which makes data plotting as easy as connecting your iOS 4 device to and launching the app on the OS X machine with which you sync.

The first stumbling block I encountered was that I couldn't sync Jeff's iPhone 3GS without his passcode. Even with it, I hit a second wall: because I was using my MacBook Pro, I was trying to access backups that weren't there. In order for me to see his previously logged backups, I had to restore his iPhone 3GS and sync it with my desktop.

Once restored, I gained access to Jeff's backups, and thus his location history, with one noteworthy caveat: I could only view data week by week.

iPhoneTracker shows a map splattered with data points. At the bottom of the screen there's a play button that animates location information chronologically: locational data is compressed into week-long frames. Yes, I could see that Jeff gallivanted in Las Vegas in early January, that he works in midtown Manhattan, and that he gives equal love to all the boroughs of New York City, but when it comes to learning anything more specific about his travel patterns, the data set, supplied in seven-day nuggets, can be difficult to interpret. To make the data less useful to villainous voyeurs (in this case, me), Pete Warden has limited the specificity of results to week-long increments. For basic scouting, iPhoneTracker is specific enough, but if you're seeking to parse movement, more precise information is stored in consolidated.db.

How To Cover Your Tracks
If you're concerned about your locational information winding up in the wrong hands, there are several actions you can take. First, you can delete all of your previous backups in one swoop by opening iTunes Preferences, clicking the Devices tab, and deleting the appropriate backup. Second, you can do what Apple arguably should have done already: encrypt it. It's easy: click on your device in iTunes, scroll to the bottom the options page, tick the box "Encrypt backups," and set a password. If Jeff had an angry ex, this would stop her from doing what I did with his iPhone (and discovering all that inter-borough love). For those who don't like the idea of their iOS device chatting with Apple at all, you can prohibit all communication by disabling Location Services (in Settings), though you may find that many apps are less useful without it. Finally, setting a passcode on your iPhone is good policy, no matter what. It stopped me from syncing his iPhone with my laptop and it will keep the rest of your information private.

Go Ahead, Snoop on Yourself
There's good reason to be upset about Apple's poor disclosure of and security surrounding its iOS 4 location-based tracking. Hopefully they'll address the lack of encryption in a timely, dot-something update. In the meantime, it's not as dire as some doomsayers suggest: it's not bobbing about the Internet, it's not being trolled by the government, and it's not any more likely to be used in court than cell phone company data. If you're not comfortable with the locational log, there are simple, concrete actions you can take today, such as deleting previous backups and disabling Location Services.

Before you lock down your iPhone, though, consider downloading iPhoneTracker and snooping on yourself. One thing overlooked in panic and paranoia of the past couple days is that this log captures spontaneous movement. Yes, it's unconsented, unexpected, and unwelcomed, but I found it fascinating to see time and motion plotted on a map. It's easy to forget the astonishing distance traveled over days, weeks, and months, and this feature, in passively tracing individual movement—however imprecise—creates some rudimentary system of record and applies some coherent chronological organization to the innumerable miles otherwise misplaced.

This article, written by William Fenton, originally appeared on PCMag.com and is republished on Gear Live with the permission of Ziff Davis, Inc.